CVE-2021-1516 — Vulnetix

CVE-2021-1516 PUBLISHED CVSS 4.300000190734863 MEDIUM

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA), Cisco Email Security Appliance (ESA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is included in HTTP requests that are exchanged between the user and the device. An attacker could exploit this vulnerability by looking at the raw HTTP requests that are sent to the interface. A successful exploit could allow the attacker to obtain some of the passwords that are configured throughout the interface.

EPSS 0.31% · 54.6th percentile

Risk Scores

CVSS 3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.31%

54.6th percentile

Affected Products

Vendor	Product	Versions
cisco	web_security_appliance
cisco	ironport_web_security_appliance	13.6.2-023, 14.0.0-090, 14.0.0-292
cisco	email_security_appliance
Cisco	Cisco Web Security Appliance (WSA)	n/a
cisco	content_security_management_appliance

Exploit Intelligence

20210505 Cisco Content Security Management Appliance, Email Security Appliance, and Web Security Appliance Information Disclosure Vulnerability (circl)

Timeline

Apr 13, 2021 CVE Published
May 7, 2021 EPSS Score
Jul 10, 2021 EPSS Score
Sep 10, 2021 EPSS Score
Nov 11, 2021 EPSS Score
Jan 12, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Mar 15, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 16, 2022 EPSS Score
May 24, 2022 CVE Updated
Jul 18, 2022 EPSS Score

References

Open in Interactive Console →